General

  • Target

    77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a

  • Size

    150KB

  • Sample

    221019-yqlj9aeha6

  • MD5

    9243c91ccecb18eea2d34a36c84a39cb

  • SHA1

    a1e6643e6bd9c44f919d5074b74ad3409cbdac6d

  • SHA256

    ad48c30022e44f886d8f47c7d598f4169ecb1f8200945b2c3644b9792943b6ac

  • SHA512

    6755fced188a6bea25f7d7dc1e5e262f6874abc3f6dd742cfcca607316d03d2a8e8d546279d43312961780be2cc3a7e7d74588b4f950a237133a9a657bf081ee

  • SSDEEP

    3072:MhgNeTc7CezRqbLHIYWiDWOqmkJIge5jddIYMT+:Nectqgj64mkKgK5dIYMT+

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Targets

    • Target

      77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a

    • Size

      229KB

    • MD5

      323eec36d438709a3e745d5247cc83e9

    • SHA1

      55b2bd1311736bf3a4125d8dffa69a922d3f75f6

    • SHA256

      77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a

    • SHA512

      eed56a1049498786381070f3ac30f5849a4408b5e9be36e1cc45188e18cd36836e7e67bf13d4882e15ca54e0759ee93bb14b1af880ba8d7c6e783ea6b1114c99

    • SSDEEP

      3072:tb5+USHs19cAqdLzrYrWqXPq6FVrcFep81sX9C/byeD/HPGWF5:tblUsfoLPYrXPrcIp8EtE+

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE
